Solved

VPN Connection

Posted on 2004-10-19
17
262 Views
Last Modified: 2010-04-10
Hi,  
I guess this is a very wired question, but here it is:
I am trying to set up an VPN server.  I do not want the clients to connect to the internal network (because I do not have one). I just want them to be able to browse the Internet through a VPN connection that they make to my server.  I have set up a computer with Windows 2003 server on it.  I have did set the server once but the clients could only connect to me and would not be able to browse the net.   Please tell me step-by-step how to set up my server so it can accept clients and let them browse the internet through my internet connection.

Thanks,
0
Comment
Question by:sschange
  • 7
  • 4
  • 2
  • +4
17 Comments
 
LVL 6

Expert Comment

by:gjohnson99
ID: 12352777
Do you hat Routing and remote acces installes on it  ?

0
 
LVL 10

Expert Comment

by:snerkel
ID: 12352927
Run a proxy server on the VPN server, I have found Analogx "Proxy" to work well and it is free and simple to setup.

http://www.analogx.com/contents/download/network.htm
0
 

Author Comment

by:sschange
ID: 12354090
yes, i do have the routing and remote access installed.  The clients can make a connection to me, and i can see them when they are connected but they can not browse the internet.  When i look at their status, i can see that I they are sending me packets, but their are not reciving any packets back from me.

I am going to try the analogx Proxy to see if it works.

0
 
LVL 2

Expert Comment

by:whiting002
ID: 12356724
Just out of curiousity why are you having computers connect to your server through VPN just to browse the internet?  If they are vpning into your server don't they already have to have some kind of internet access?
0
 
LVL 3

Expert Comment

by:ccceqo2
ID: 12359834
Surely you want the clients to use their own internet connection for general browsing? Unless you are trying to setup some kind of anonymous proxy for them.

If you would like them to use their own connection, they need to untick the box "use default gateway on remote network" which is located under:
vpn connection --> properties --> networking
tcp/ip --> properties --> advanced
0
 

Author Comment

by:sschange
ID: 12359917
yes, i am doing this so the clients(mostly my friends) can browse the net anonymously and also it would help them get past a few web sites blocks.  

ccceqo2,
I have done what you have suggested, but still for some reason they can not browse the internet.  As i said before, they can connect to me, and I can see them connected to me, but they can not send or receive packets.  May be i have not set the server right.  OR i have not done the ip addressing in the right way.  If some one could tell me step-by-step how to set up the
 Routing and remote acces in windows 2003 server, that would help alot.  Also, how would you know if your isp alows VPN connection.
0
 
LVL 10

Expert Comment

by:snerkel
ID: 12360103
In my own experiments I can connect using RAS and browse the Internet through the VPN tunnel, but as soon as I use the same PC to connect by VPN through the Internet browsing the Internet stops working. I tried many fixes and did loads of packet monitoring trying to find the problem, in the end I found the requests seemed to be being routed correctly, both the VPN server and the router showed that a connection had been made to the relivent site, but data never got back to the client. In the end I set up a web proxy server and have never looked back since (it also speeds up browsing for clients using RAS).

Analogx is very quick and easy to setup, I will make some notes how to do it, give me a few minutes.

0
 

Expert Comment

by:dchemko
ID: 12360248
"Also, how would you know if your isp alows VPN connection."
Well, you could actually try the connection. That's about all that is guaranteed to work. Since VPN is pretty important for business, I doubt any but the most regimented governments block access from an ISP level. If your friends are in a corporation trying to browse while working, it'll be hit and miss, since Admins generally don't want employees fcking with the security integrity of their networks.

I'm basing my assumptions on Win2k since that's what I use, but the theory if nothing else should carry over. I'm sure little has changed between releases.

I asssum you have one LAN entry, and potentially several VPN connections.

I recommend setting up a DNS & DHCP server on your PC to facilitate their VPN. Otherwise, they can forward data to your PC, but they won't know a DNS server to use. If not otherwise specified, they'll continue to search for their old DNS server which is located wherever they came from. If you don't have physical access to their old DNS servers, then they go nowhere through the LAN interface. If you don't have NAT setup on the windows machine (the horrible built-in 'internet connection scharing' system) that'll need to get done. Since their IP addresses won't be valid from your ISP, you'll need to make sure the Source-NAT'ed from your machine at home. This can be tested with a Packet Sniffer like Ethereal for Windows.

0
Find Ransomware Secrets With All-Source Analysis

Ransomware has become a major concern for organizations; its prevalence has grown due to past successes achieved by threat actors. While each ransomware variant is different, we’ve seen some common tactics and trends used among the authors of the malware.

 
LVL 10

Expert Comment

by:snerkel
ID: 12360332
Install Analogx proxy, then in configuration the IP to enter in the "proxy binding" is the LAN IP address of the PC running Analogx.

On the client PCs open Internet Explorer, Tools, Internet options. Go to the Connections TAB, in the "Dial up and VPN settings" list you should see the VPN connection you setup on the PC, highlight it and click settings

Ensure only "use a proxy server for this connection" is ticked, then enter the IP address used in Analogx and enter the port as 6588

OK your way out and that is it, when the client uses VPN the Internet connection will automatically go through your server, if they aren't connected to VPN then the Internet will work normally.
0
 

Author Comment

by:sschange
ID: 12364294
snerkel
do in need to have a different computer to set RAS on or can it be on the same computer?


same thing with DNS & DHCP, do I need to have a diferent servers for thoes as well?
0
 
LVL 10

Expert Comment

by:snerkel
ID: 12364393
Everything can run on the one PC if required. I assign a fixed IP to my VPN servers LAN card and also assign a fixed IP range in the VPN server for assigning to clients (eg I don't use the DHCP server for the VPN clients).

 I can't help much with specifics of Windows 2003 server as I don't use it.
0
 

Author Comment

by:sschange
ID: 12376957
I have not had time to try what you guys have suggested, let me try it and i will get back to you in a day..

thanks
0
 
LVL 2

Accepted Solution

by:
chrispallett earned 500 total points
ID: 12386125
I see no advantage to running an additional proxy server when the correct configuration of RRAS will do the job.  It's more of a work-around with another piece of software to be worrying about than a fix!

sschange - under the routing & remote access management console - right click your server on the tree and select properties.  On the general tab you'll have a couple of tic boxes labelled 'Router' and 'remote access server'.  Are both of these boxes ticked (they need to be)?

I am also assuming that you have either a DHCP service running, or a static pool of addresses that are offering appropriate IP information to your clients when they connect.

Regarding ccceqo2's comment on unticking the 'use default gateway on remote network' - this option MUST be selected otherwise the client computer will only route traffic destined for your network.
0
 

Author Comment

by:sschange
ID: 12386517
chrispallet,

what exactly do you mean by offering approprite IP?  Like i said i am new in the networking area.  what would be a good range of IP addresses.  Right now I have the Static IP pool set to 192.168.1.100 - 192.168.1.200.  Also i do have the 'Router' and 'remote access server' checked.  the 'use default gateway on remote network' was also cleared.  still they can only connect to and not be able to browse the internet.

anything else you think i need to set?

thanks,
0
 

Author Comment

by:sschange
ID: 12386522
Also what is the Windows 2003 Terminal Server? can anyone explaine it to me.
0
 
LVL 2

Expert Comment

by:chrispallett
ID: 12387802
sschange,

Do you have DHCP running on your server?  If so, you will not need the static IP pool.  If you are not using DHCP then please advise what local (Lan) Ip your server has so we can advise on your static pool.

Also - when the client is connected to the VPN can they ping hosts on your network?  I.e. your own personal machine, the server etc.

Regarding terminal server, I would suggest starting here:  http://www.microsoft.com/windowsserver2003/technologies/terminalservices/default.mspx

0
 

Author Comment

by:sschange
ID: 12403449
for some reason it still does not want to work.  I will try to see what else i can come up with. if i have anymore questions i will post it again.  thanks for all you guys's help and comments.
0

Featured Post

Highfive + Dolby Voice = No More Audio Complaints!

Poor audio quality is one of the top reasons people don’t use video conferencing. Get the crispest, clearest audio powered by Dolby Voice in every meeting. Highfive and Dolby Voice deliver the best video conferencing and audio experience for every meeting and every room.

Join & Write a Comment

Even if you have implemented a Mobile Device Management solution company wide, it is a good idea to make sure you are taking into account all of the major risks to your electronic protected health information (ePHI).
Don’t let your business fall victim to the coming apocalypse – use our Survival Guide for the Fax Apocalypse to identify the risks and signs of zombie fax activities at your business.
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

708 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now